|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Spatie\SslCertificate; |
|
4
|
|
|
|
|
5
|
|
|
use Throwable; |
|
6
|
|
|
use Spatie\SslCertificate\Exceptions\CouldNotDownloadCertificate; |
|
7
|
|
|
|
|
8
|
|
|
class Downloader |
|
9
|
|
|
{ |
|
10
|
|
|
/** @var int */ |
|
11
|
|
|
protected $port = 443; |
|
12
|
|
|
|
|
13
|
|
|
/** @var int */ |
|
14
|
|
|
protected $timeout = 30; |
|
15
|
|
|
|
|
16
|
|
|
/** @var bool */ |
|
17
|
|
|
protected $enableSni = true; |
|
18
|
|
|
|
|
19
|
|
|
/** @var bool */ |
|
20
|
|
|
protected $capturePeerChain = false; |
|
21
|
|
|
|
|
22
|
|
|
/** |
|
23
|
|
|
* @param int $port |
|
24
|
|
|
* |
|
25
|
|
|
* @return $this |
|
26
|
|
|
*/ |
|
27
|
|
|
public function usingPort(int $port) |
|
28
|
|
|
{ |
|
29
|
|
|
$this->port = $port; |
|
30
|
|
|
|
|
31
|
|
|
return $this; |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
/** |
|
35
|
|
|
* @param int $sni |
|
36
|
|
|
* |
|
37
|
|
|
* @return $this |
|
38
|
|
|
*/ |
|
39
|
|
|
public function usingSni(bool $sni) |
|
40
|
|
|
{ |
|
41
|
|
|
$this->enableSni = $sni; |
|
|
|
|
|
|
42
|
|
|
|
|
43
|
|
|
return $this; |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* @param int $ca_chain |
|
48
|
|
|
* |
|
49
|
|
|
* @return $this |
|
50
|
|
|
*/ |
|
51
|
|
|
public function withFullChain(bool $ca_chain) |
|
52
|
|
|
{ |
|
53
|
|
|
$this->capturePeerChain = $ca_chain; |
|
|
|
|
|
|
54
|
|
|
|
|
55
|
|
|
return $this; |
|
56
|
|
|
} |
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* @param int $timeOutInSeconds |
|
60
|
|
|
* |
|
61
|
|
|
* @return $this |
|
62
|
|
|
*/ |
|
63
|
|
|
public function setTimeout(int $timeOutInSeconds) |
|
64
|
|
|
{ |
|
65
|
|
|
$this->timeout = $timeOutInSeconds; |
|
66
|
|
|
|
|
67
|
|
|
return $this; |
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
|
public function getCertificates(string $hostName): array |
|
71
|
|
|
{ |
|
72
|
|
|
$response = $this->fetchCertificates($hostName); |
|
73
|
|
|
|
|
74
|
|
|
$peerCertificate = $response['options']['ssl']['peer_certificate']; |
|
75
|
|
|
|
|
76
|
|
|
$peerCertificateChain = $response['options']['ssl']['peer_certificate_chain'] ?? []; |
|
77
|
|
|
|
|
78
|
|
|
$fullCertificateChain = array_merge([$peerCertificate], $peerCertificateChain); |
|
79
|
|
|
|
|
80
|
|
|
return array_map(function($certificate) { |
|
81
|
|
|
$certificateFields = openssl_x509_parse($certificate); |
|
82
|
|
|
|
|
83
|
|
|
return new SslCertificate($certificateFields); |
|
84
|
|
|
}, $fullCertificateChain); |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
|
|
public function forHost(string $hostName): SslCertificate |
|
88
|
|
|
{ |
|
89
|
|
|
$hostName = (new Url($hostName))->getHostName(); |
|
90
|
|
|
|
|
91
|
|
|
$certificates = $this->getCertificates($hostName); |
|
92
|
|
|
|
|
93
|
|
|
return $certificates[0] ?? false; |
|
94
|
|
|
} |
|
95
|
|
|
|
|
96
|
|
|
public static function downloadCertificateFromUrl(string $url, int $timeout = 30): SslCertificate |
|
97
|
|
|
{ |
|
98
|
|
|
return (new static()) |
|
99
|
|
|
->setTimeout($timeout) |
|
100
|
|
|
->forHost($url); |
|
101
|
|
|
} |
|
102
|
|
|
|
|
103
|
|
|
protected function fetchCertificates(string $hostName): array |
|
104
|
|
|
{ |
|
105
|
|
|
$hostName = (new Url($hostName))->getHostName(); |
|
106
|
|
|
|
|
107
|
|
|
$sslOptions = [ |
|
108
|
|
|
'capture_peer_cert' => true, |
|
109
|
|
|
'capture_peer_cert_chain' => $this->capturePeerChain, |
|
110
|
|
|
'SNI_enabled' => $this->enableSni, |
|
111
|
|
|
]; |
|
112
|
|
|
|
|
113
|
|
|
$streamContext = stream_context_create([ |
|
114
|
|
|
'ssl' => $sslOptions, |
|
115
|
|
|
]); |
|
116
|
|
|
|
|
117
|
|
|
try { |
|
118
|
|
|
$client = stream_socket_client( |
|
119
|
|
|
"ssl://{$hostName}:{$this->port}", |
|
120
|
|
|
$errorNumber, |
|
121
|
|
|
$errorDescription, |
|
122
|
|
|
$this->timeout, |
|
123
|
|
|
STREAM_CLIENT_CONNECT, |
|
124
|
|
|
$streamContext |
|
125
|
|
|
); |
|
126
|
|
|
} catch (Throwable $thrown) { |
|
127
|
|
|
$this->handleRequestFailure($hostName, $thrown); |
|
128
|
|
|
} |
|
129
|
|
|
|
|
130
|
|
|
if (!$client) { |
|
131
|
|
|
throw CouldNotDownloadCertificate::unknownError($hostName, "Could not connect to `{$hostName}`."); |
|
132
|
|
|
} |
|
133
|
|
|
|
|
134
|
|
|
$response = stream_context_get_params($client); |
|
135
|
|
|
return $response; |
|
136
|
|
|
} |
|
137
|
|
|
|
|
138
|
|
|
protected function handleRequestFailure(string $hostName, Throwable $thrown) |
|
139
|
|
|
{ |
|
140
|
|
|
if (str_contains($thrown->getMessage(), 'getaddrinfo failed')) { |
|
141
|
|
|
throw CouldNotDownloadCertificate::hostDoesNotExist($hostName); |
|
142
|
|
|
} |
|
143
|
|
|
|
|
144
|
|
|
if (str_contains($thrown->getMessage(), 'error:14090086')) { |
|
145
|
|
|
throw CouldNotDownloadCertificate::noCertificateInstalled($hostName); |
|
146
|
|
|
} |
|
147
|
|
|
|
|
148
|
|
|
throw CouldNotDownloadCertificate::unknownError($hostName, $thrown->getMessage()); |
|
149
|
|
|
} |
|
150
|
|
|
} |
|
151
|
|
|
|
spatie /
ssl-certificate
Loading history...
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountIdthat can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theidproperty of an instance of theAccountclass. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.